The vulnerability is caused by missing access restrictions and missing input validation in the cmd parameter and can be exploited to inject and execute arbitrary shell commands.
It is possible to start a telnetd to compromise the device.

Changing the password does not require the current password:

With this vulnerability an attacker is able to change the current password without knowing it. The attacker needs access to an authenticated browser.

Insecure Cryptographic Storage:

No password hashing is implemented, so the password is saved in plain text on the system:

# cat var/passwd
"admin" "test" "0"

Positive Technologies released an advisory in 2011 and D-Link fixed this issue: http://en.securitylab.ru/lab/PT-2011-30
In the current version of the firmware, the passwords are again stored in plaintext.
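Both the missing current-password check and the plaintext storage described above are closed by the same change on the device side. The following is an added example, not D-Link's firmware code and not part of the original advisory: it stores a salted PBKDF2 record in place of the password and refuses a password change unless the current password verifies. The three-quoted-field line layout is taken from the var/passwd output above; the function names, the record format, the iteration count and the pass-through handling of the third field are assumptions.

```python
import hashlib
import hmac
import os
import shlex

ITERATIONS = 100_000  # assumed work factor; tune to the device's CPU


def hash_password(password, salt=None):
    """Return 'pbkdf2-sha256$iterations$salt_hex$hash_hex' for storage."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"pbkdf2-sha256${ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password, record):
    """Recompute the hash with the stored salt; compare in constant time."""
    try:
        scheme, iterations, salt_hex, hash_hex = record.split("$")
        if scheme != "pbkdf2-sha256":
            return False
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(hash_hex)
        digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, int(iterations))
    except (ValueError, OverflowError):
        return False  # malformed record, e.g. a legacy plaintext entry
    return hmac.compare_digest(digest, expected)


def parse_entry(entry):
    """Split one '"user" "record" "flag"' line into its three fields."""
    user, record, flag = shlex.split(entry)
    return user, record, flag


def format_entry(user, password, flag="0"):
    """Build a passwd-style line that holds a hash, never the password."""
    if '"' in user or '"' in flag:
        raise ValueError("quote characters are not allowed in fields")
    return f'"{user}" "{hash_password(password)}" "{flag}"'


def change_password(entry, current_password, new_password):
    """Replace the password only if the caller proves the current one."""
    user, record, flag = parse_entry(entry)
    if not verify_password(current_password, record):
        raise PermissionError("current password is required and must match")
    return format_entry(user, new_password, flag)
```

With this layout, reading the file yields only a salted hash, and a session that cannot supply the current password cannot replace it.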

If you combine the plaintext credential vulnerability with the unauthenticated OS command injection vulnerability, you get the following one-liner to extract the admin password from every vulnerable device:

14.12.2012 - discovered vulnerability
14.12.2012 - contacted D-Link with the new vulnerability details via web interface
20.12.2012 - contacted Heise Security with details and Heisec forwarded the details to D-Link
21.12.2012 - D-Link responded that they will check the findings *h00ray*
11.01.2013 - requested status update
25.01.2013 - requested status update
25.01.2013 - D-Link responded that this is a security problem from the user and/or browser and they will not provide a fix. Quite interesting but ok ...
25.01.2013 - I gave more details and as much input as possible so they can evaluate the vulnerabilities better
04.02.2013 - no more responses from D-Link, public release

I'm really a noob in the subject, but how can I recover the password of the DIR 600? I already tried all default passwords but I think my brother changed it. The problem is he's traveling, the modem is in his room and it's closed, and I think somebody is stealing my connection. Ty

I was able to get the admin password from a friend's router through the "plaintext credential vulnerability with the unauthenticated os command injection" and logged in successfully to the web interface, which was reachable over the internet ... !
